GithubHelp home page GithubHelp logo

brunothums / berate_ap Goto Github PK

View Code? Open in Web Editor NEW

This project forked from sensepost/berate_ap

0.0 0.0 0.0 405 KB

Script for orchestrating mana rogue WiFi Access Points.

License: BSD 2-Clause "Simplified" License

Shell 98.80% Makefile 1.20%

berate_ap's Introduction

Berate_ap

Create_ap has been modified to run EAP networks and hostapd-mana with multiple options

Setup

This script requires hostapd-mana to be in the path.

This may be done by adding the binary to your path directly:

export PATH="$PATH:/path/to/hostapd-mana"

To make this permanent you may add to your shells .rc file

or you may link hostapd-mana into a directory that is within your path

cd /usr/bin
sudo ln -s /path/to/hostapd-mana hostapd-mana

Attacks

Run Mana to trick users into connecting to your access point. The eap users file is not passed so that the default mana eap user file is used:

berate_ap --eap --mana wlan0 eth0 MyAccessPoint

Mana WPE attacks are no longer done by default when using --mana and have to be enabled seperatly:

berate_ap --eap --mana-wpe wlan0 eth0 MyAccessPoint

Other Mana WPE options avaliable are --mana-eapsuccess and --mana-eaptls, the location of the credout file is by default /tmp/hostapd.credout but may be specified with --mana-credout <file> (Preferable to use full path). More information on these may be found in the Hostapd-mana wiki.

Run Mana with WPA capture enabled. This currently requires that mana attacks be disabled. hccapx will be placed at /tmp/hostapd.hccapx, this may be specified with --mana-wpaout <file>:

berate_ap --mana-wpa -n wlan0 <target Network Name> "ANYPASSWORD"

Run Mana in loud mode to show devices every access point seen by Mana:

berate_ap --eap --mana --mana-loud wlan0 eth0 MyAccessPoint

Run Mana and bridge the network connection to your ethernet address:

berate_ap --eap --mana -m bridge wlan0 eth0 MyAccessPoint

Run Mana and be stingy by not providing any upstream Internet access:

berate_ap --eap --mana -n wlan0 MyAccessPoint

More Convincing Certificate

When running your Rogue AP users may be presented with your certificate when authenticating, it is in your interest to make your certificate look as similar to the legitimate APs as possible. When running a EAP access point berate_ap will ask you to fill in fields to generate the certificate to be used, try input sensible values. To get the values of the certificate in use by the legitimate AP use this script to extract the certificate from a packet capture:

./extract_EAP.sh -r <capture file>

or interface in monitor mode:

airmon-ng start <interface> <channel>
./extract_EAP.sh -i <interface>

you may then view the certificate with:

openssl x509 -text -inform der -in <capturedcert>.der

Which will allow you to see the values set in the cert so that with berate you may generate a more appealing looking AP.

Features

  • Create an AP (Access Point) at any channel.
  • Choose one of the following encryptions: WPA, WPA2, WPA/WPA2, Open (no encryption).
  • Support for Enterprise setups
  • Hide your SSID.
  • Disable communication between clients (client isolation).
  • IEEE 802.11n & 802.11ac support
  • Internet sharing methods: NATed or Bridged or None (no Internet sharing).
  • Choose the AP Gateway IP (only for 'NATed' and 'None' Internet sharing methods).
  • You can create an AP with the same interface you are getting your Internet connection.
  • You can pass your SSID and password through pipe or through arguments (see examples).

Dependencies

General

  • bash (to run this script)
  • util-linux (for getopt)
  • procps or procps-ng
  • hostapd
  • iproute2
  • iw
  • iwconfig (you only need this if 'iw' can not recognize your adapter)
  • haveged (optional)

For 'NATed' or 'None' Internet sharing method

  • dnsmasq
  • iptables

Installation

Generic

git clone https://github.com/sensepost/berate_ap

Examples

No passphrase (open network):

berate_ap wlan0 eth0 MyAccessPoint

WPA + WPA2 passphrase:

berate_ap wlan0 eth0 MyAccessPoint MyPassPhrase

AP without Internet sharing:

berate_ap -n wlan0 MyAccessPoint MyPassPhrase

Bridged Internet sharing:

berate_ap -m bridge wlan0 eth0 MyAccessPoint MyPassPhrase

Bridged Internet sharing (pre-configured bridge interface):

berate_ap -m bridge wlan0 br0 MyAccessPoint MyPassPhrase

Internet sharing from the same WiFi interface:

berate_ap wlan0 wlan0 MyAccessPoint MyPassPhrase

Choose a different WiFi adapter driver

berate_ap --driver rtl871xdrv wlan0 eth0 MyAccessPoint MyPassPhrase

No passphrase (open network) using pipe:

echo -e "MyAccessPoint" | berate_ap wlan0 eth0

WPA + WPA2 passphrase using pipe:

echo -e "MyAccessPoint\nMyPassPhrase" | berate_ap wlan0 eth0

Enable IEEE 802.11n

berate_ap --ieee80211n --ht_capab '[HT40+]' wlan0 eth0 MyAccessPoint MyPassPhrase

Client Isolation:

berate_ap --isolate-clients wlan0 eth0 MyAccessPoint MyPassPhrase

Enterprise Network built-in RADIUS

berate_ap --eap --eap-user-file /tmp/users.eap_hosts --eap-cert-path /tmp/certificates wlan0 eth0 MyAccessPoint

Enterprise Network Remote RADIUS

berate_ap --eap --radius-server 192.168.1.1:1812 --radius-secret=P@ssw0rd wlan0 eth0 MyAccessPoint

Systemd service

Using the persistent systemd service

Start service immediately:

systemctl start create_ap

Start on boot:

systemctl enable create_ap

License

FreeBSD

berate_ap's People

Contributors

oblique avatar cablethief avatar hashken avatar singe avatar nicohood avatar ihavenoface avatar 0x0blu avatar guillomovitch avatar wsxarcher avatar ichpuchtli avatar proger avatar webreflection avatar eduardohenriquearnold avatar evertheylen avatar leonjza avatar 2xsaiko avatar mika avatar no0be avatar l0g4n avatar graysky2 avatar mid-kid avatar pldubouilh avatar solsticedhiver avatar zhanghaha avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.